activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martyn Taylor (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMQ-5729) Audit log shows plaintext password for QueueView.sendTextMessage
Date Wed, 15 Apr 2015 14:12:58 GMT
Martyn Taylor created AMQ-5729:
----------------------------------

             Summary: Audit log shows plaintext password for QueueView.sendTextMessage
                 Key: AMQ-5729
                 URL: https://issues.apache.org/jira/browse/AMQ-5729
             Project: ActiveMQ
          Issue Type: Bug
          Components: JMX
    Affects Versions: 5.11.1
            Reporter: Martyn Taylor


Each AuditLogEntry dumps all arguments for the method call to the Audit log.  Some of these
arguments should not be logged as they may contain senstive information.  For example QueueView.sendTextMessage
contains user password information.

Example Log Entry:
anonymous called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[String, admin, mypassword]
at 04-03-2013 11:00:00



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message